github-trending-spider

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill manages a local checkout from a public GitHub repository (github.com/wenbochang888/github-trending-spider). It references scripts and instructions that perform third-party package installations via pip install -r requirements.txt and npm install.
  • [CREDENTIALS_UNSAFE]: The application logic interacts with sensitive environment variables, specifically GITHUB_TOKEN, SMTP_USER, and SMTP_PASSWORD. Although the skill contains explicit 'Response Rules' to prevent the agent from printing these secrets, the underlying application is designed to access and use them.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing shell scripts (e.g., bash scripts/start_backend.sh) and starting web services using uvicorn. It notes that the application may bind to 0.0.0.0 and attempts to write logs to a system path (/root/logs/) by default, though it recommends user overrides to /tmp.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and summarizes untrusted data from multiple external sources such as Hacker News, V2EX, and GitHub Trending.
  • Ingestion points: Untrusted content is fetched through modules like hacker_news.py, tldr_ai.py, and official_ai_sources.py.
  • Boundary markers: The instructions do not specify the use of delimiters or guardrails to prevent embedded instructions in the news content from influencing the agent's behavior.
  • Capability inventory: The skill possesses the ability to execute shell commands, perform network requests, and send emails via SMTP.
  • Sanitization: No explicit sanitization or filtering of the fetched text is described before it is processed for summarization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:43 AM
Security Audit — agent-trust-hub — github-trending-spider